
Bugzilla 3.7.x < 3.7.2 Information Disclosure Vulnerability

Medium

Synopsis

The remote web server is hosting an application that is affected by an information disclosure vulnerability.

Description

The remote web server is hosting Bugzilla, a web-based bug tracking application.

Versions of Bugzilla 3.7.x earlier than 3.7.2 fail to restrict bugs created with the inbound email interface (email_in.pl) or with the 'Bug.create' method in the WebServices interface to the 'Mandatory' or 'Default' groups. This could allow bug information to become publicly available instead of being restricted to certain groups.

Solution

Upgrade to Bugzilla 3.7.2 or later.